HR811 Does Not Require Source Code Disclosure

Thu Sep 06 2007 00:00:00 GMT+0000 (Coordinated Universal Time)

elections

Many people seem to erroneously think that HR811 requires the disclosure of voting system source code. For example, in a recent press alert, Doug Lewis of The Election Center says:

The provision that covers source code is giving a blueprint for malice in the elections process and Congress would be far better copying the language developed by Senator Feinstein in S1487 on access to source codes.

However, HR811 doesn't reach source code. Allow me to explain...

When HR811 was reported out of committee, a key definition was changed. Under HR811, voting systems are prohibited for use in federal elections unless voting system vendors deposit "election-dedicated voting system technology" in escrow. Also, these materials must be made available to three classes of people:

Governmental entities that administer elections in order to review, analyze or report on the technology.
Parties in pre- or post-election litigation to review or analyze the technology in support of the litigation.
Persons who review, analyze or report on the technology solely for an academic, scientific or technological investigation.

For most of the life of the Holt Bill, the definition of what materials these classes of people got access to in order to support their review, analysis or reporting included voting system source code. However, when reported out of committee, the definition of "election-dedicated voting system technology" was changed to point to the 2005 Voluntary Voting System Guidelines definition of "voting system software". That definition reads:

voting system software: All the executable code and associated configuration files needed for the proper operation of the voting system. This includes third party software such as operating systems, drivers, and database management tools. See also dynamic voting system software, semi-static voting system software, and static voting system software.

This is an operational definition; that is, this includes things one would need to operate the equipment. It is not an analytical definition; that is, it doesn't include the things that one would need to analyze and review the technology. For that, at a minimum, one would need access to source code.

A group of experts, including, Andrew Appel, David Dill, Edward Felten, David Jefferson, Avi Rubin, Barbara Simons, Warren Stewart, David Wagner, Dan Wallach, John Washburn and myself wrote a letter on May 22, 2007 of this year expressing concern with this change and recommending that the legislation point to a different, more analytical definition of the elements needed for voting system analysis and review.

This stance was crafted to mirror the language in the Committee Report on HR 811 (pp.19-20) which included the definitional reference that our letter emphasized (actually, I think that simply citing to section 5.7 of the VSTCP Manual would be sufficient).

However, the language of the bill has not been changed and it appears the bill will go up for a floor vote this week.

What does this mean? This means that any of the three classes of people listed above will only have access to "executable code" and "configuration files" from voting system software. That is simply not adequate for a thorough voting system review. There are certain types of analysis that are made impossible without access to source code and other types of analysis which are made so difficult as to be close to impossible. In many cases, this would require decompilation of the executable software which is a laborious, imprecise and arcane process on code bases like these which can be very large.

In my opinion, the current language is misleading as it appears to give broader access than it actually does. The options to correct this seem to be (in order of personal preference):

Modify the language to explicitly include source code (I won't even mention build environments)
Modify the language to explicitly include access to other useful things that are not source code (ballot definitions, audit logs, on-board vote data, etc.). These are particularly important in legal challenges.
Eliminate the disclosure provisions entirely.

Despite this problem, I continue to think -- along with Avi, Ed and Matt (EFF) -- that HR811 is an important and necessary step in U.S. election reform.

UPDATE [2007-09-12T14:22:12]: By request, I have taken down the letter referenced above.